Sample viewer

vx.netlux.org/Virus.DOS.Leo.3949

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:19.300352631Z	26	PC: 12a9b \| Set disk transfer address
2018-12-17T23:09:19.30254942Z	71	PC: 12aa5 \| Get current directory
2018-12-17T23:09:19.30617882Z	59	PC: 12aae \| Change current directory
2018-12-17T23:09:19.311471398Z	78	PC: 12aba \| Find first file
2018-12-17T23:09:19.318424175Z	79	PC: 12ac6 \| Find next file
2018-12-17T23:09:19.321813375Z	59	PC: 12ad7 \| Change current directory
2018-12-17T23:09:19.328353847Z	47	PC: 12adb \| Get disk transfer address
2018-12-17T23:09:19.330038924Z	26	PC: 12aec \| Set disk transfer address
2018-12-17T23:09:19.332960986Z	78	PC: 12af8 \| Find first file
2018-12-17T23:09:19.339335587Z	47	PC: 12b25 \| Get disk transfer address
2018-12-17T23:09:19.340777106Z	47	PC: 12b34 \| Get disk transfer address
2018-12-17T23:09:19.343219556Z	61	PC: 12b39 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:19.350193263Z	63	PC: 12b49 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:19.356886353Z	66	PC: 12b54 \| Move file pointer
2018-12-17T23:09:19.359718255Z	66	PC: 12b6b \| Move file pointer
2018-12-17T23:09:19.361561429Z	63	PC: 12b77 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:09:19.364492848Z	66	PC: 12ba8 \| Move file pointer
2018-12-17T23:09:19.366793642Z	64	PC: 12bb6 \| Write file or device (Write 3949 bytes on handle 5)
2018-12-17T23:09:19.386049923Z	66	PC: 12bbf \| Move file pointer
2018-12-17T23:09:19.388021279Z	64	PC: 12bcb \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:19.399374245Z	62	PC: 12bcf \| Close file
2018-12-17T23:09:19.411941385Z	42	PC: 12bd3 \| Get date 0x12bd3: cmp dh, 0xc 0x12bd6: jne 0x12bf2 0x12bd8: cmp dl, 0x1f 0x12bdb: jne 0x12bf2 0x12bdd: mov si, 0x192 0x12be0: add si, bp 0x12be2: mov ax, 0xb800 0x12be5: mov es, ax 0x12be7: xor di, di 0x12be9: mov cx, 0x690 0x12bec: rep movsd dword ptr es:[di], dword ptr [si] 0x12bee: mov ah, 1 0x12bf0: int 0x21 0x12bf2: mov ah, 0x3b 0x12bf4: mov dx, 0xf4b 0x12bf7: add dx, bp 0x12bf9: int 0x21 0x12bfb: mov ah, 0x3b 0x12bfd: mov dx, word ptr [bp + 0xeb2] 0x12c01: int 0x21
2018-12-17T23:09:19.414581307Z	59	PC: 12bfb \| Change current directory
2018-12-17T23:09:19.420990712Z	59	PC: 12c03 \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16486,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:04.740611391Z	26	PC: 12a9b \| Set disk transfer address
2018-12-25T12:53:04.74569341Z	71	PC: 12aa5 \| Get current directory
2018-12-25T12:53:04.76328261Z	59	PC: 12aae \| Change current directory
2018-12-25T12:53:04.766427906Z	78	PC: 12aba \| Find first file
2018-12-25T12:53:04.774763039Z	79	PC: 12ac6 \| Find next file
2018-12-25T12:53:04.782109154Z	59	PC: 12ad7 \| Change current directory
2018-12-25T12:53:04.794425996Z	47	PC: 12adb \| Get disk transfer address
2018-12-25T12:53:04.795766533Z	26	PC: 12aec \| Set disk transfer address
2018-12-25T12:53:04.797517301Z	78	PC: 12af8 \| Find first file
2018-12-25T12:53:04.80429103Z	47	PC: 12b25 \| Get disk transfer address
2018-12-25T12:53:04.805422435Z	47	PC: 12b34 \| Get disk transfer address
2018-12-25T12:53:04.807013838Z	61	PC: 12b39 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:04.814463826Z	63	PC: 12b49 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:04.821696013Z	66	PC: 12b54 \| Move file pointer
2018-12-25T12:53:04.823876614Z	66	PC: 12b6b \| Move file pointer
2018-12-25T12:53:04.825410451Z	63	PC: 12b77 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:53:04.828133645Z	66	PC: 12ba8 \| Move file pointer
2018-12-25T12:53:04.831041179Z	64	PC: 12bb6 \| Write file or device (Write 3949 bytes on handle 5)
2018-12-25T12:53:04.847411033Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:53:04.849797861Z	64	PC: 12bcb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:04.85755789Z	62	PC: 12bcf \| Close file
2018-12-25T12:53:04.866615154Z	42	PC: 12bd3 \| Get date 0x12bd3: cmp dh, 0xc 0x12bd6: jne 0x12bf2 0x12bd8: cmp dl, 0x1f 0x12bdb: jne 0x12bf2 0x12bdd: mov si, 0x192 0x12be0: add si, bp 0x12be2: mov ax, 0xb800 0x12be5: mov es, ax 0x12be7: xor di, di 0x12be9: mov cx, 0x690 0x12bec: rep movsd dword ptr es:[di], dword ptr [si] 0x12bee: mov ah, 1 0x12bf0: int 0x21 0x12bf2: mov ah, 0x3b 0x12bf4: mov dx, 0xf4b 0x12bf7: add dx, bp 0x12bf9: int 0x21 0x12bfb: mov ah, 0x3b 0x12bfd: mov dx, word ptr [bp + 0xeb2] 0x12c01: int 0x21
2018-12-25T12:53:04.868871832Z	59	PC: 12bfb \| Change current directory
2018-12-25T12:53:04.8735727Z	59	PC: 12c03 \| Change current directory

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16486,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:04.858226618Z	26	PC: 12a9b \| Set disk transfer address
2018-12-25T12:53:04.859523612Z	71	PC: 12aa5 \| Get current directory
2018-12-25T12:53:04.861230472Z	59	PC: 12aae \| Change current directory
2018-12-25T12:53:04.863719224Z	78	PC: 12aba \| Find first file
2018-12-25T12:53:04.870577647Z	79	PC: 12ac6 \| Find next file
2018-12-25T12:53:04.87212492Z	59	PC: 12ad7 \| Change current directory
2018-12-25T12:53:04.875553813Z	47	PC: 12adb \| Get disk transfer address
2018-12-25T12:53:04.876567055Z	26	PC: 12aec \| Set disk transfer address
2018-12-25T12:53:04.877331179Z	78	PC: 12af8 \| Find first file
2018-12-25T12:53:04.880745544Z	47	PC: 12b25 \| Get disk transfer address
2018-12-25T12:53:04.881803616Z	47	PC: 12b34 \| Get disk transfer address
2018-12-25T12:53:04.882477443Z	61	PC: 12b39 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:04.886184523Z	63	PC: 12b49 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:04.890157777Z	66	PC: 12b54 \| Move file pointer
2018-12-25T12:53:04.891022779Z	66	PC: 12b6b \| Move file pointer
2018-12-25T12:53:04.891789367Z	63	PC: 12b77 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:53:04.893601944Z	66	PC: 12ba8 \| Move file pointer
2018-12-25T12:53:04.894477457Z	64	PC: 12bb6 \| Write file or device (Write 3949 bytes on handle 5)
2018-12-25T12:53:05.002044206Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:53:05.009397569Z	64	PC: 12bcb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:05.016876806Z	62	PC: 12bcf \| Close file
2018-12-25T12:53:05.029766217Z	42	PC: 12bd3 \| Get date 0x12bd3: cmp dh, 0xc 0x12bd6: jne 0x12bf2 0x12bd8: cmp dl, 0x1f 0x12bdb: jne 0x12bf2 0x12bdd: mov si, 0x192 0x12be0: add si, bp 0x12be2: mov ax, 0xb800 0x12be5: mov es, ax 0x12be7: xor di, di 0x12be9: mov cx, 0x690 0x12bec: rep movsd dword ptr es:[di], dword ptr [si] 0x12bee: mov ah, 1 0x12bf0: int 0x21 0x12bf2: mov ah, 0x3b 0x12bf4: mov dx, 0xf4b 0x12bf7: add dx, bp 0x12bf9: int 0x21 0x12bfb: mov ah, 0x3b 0x12bfd: mov dx, word ptr [bp + 0xeb2] 0x12c01: int 0x21
2018-12-25T12:53:05.033103166Z	59	PC: 12bfb \| Change current directory
2018-12-25T12:53:05.03914744Z	59	PC: 12c03 \| Change current directory

{"DateBased":true,"Day":31,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16486,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:05.158660567Z	26	PC: 12a9b \| Set disk transfer address
2018-12-25T12:53:05.160320738Z	71	PC: 12aa5 \| Get current directory
2018-12-25T12:53:05.162998881Z	59	PC: 12aae \| Change current directory
2018-12-25T12:53:05.167043283Z	78	PC: 12aba \| Find first file
2018-12-25T12:53:05.178172927Z	79	PC: 12ac6 \| Find next file
2018-12-25T12:53:05.181413554Z	59	PC: 12ad7 \| Change current directory
2018-12-25T12:53:05.186994664Z	47	PC: 12adb \| Get disk transfer address
2018-12-25T12:53:05.19035341Z	26	PC: 12aec \| Set disk transfer address
2018-12-25T12:53:05.191296515Z	78	PC: 12af8 \| Find first file
2018-12-25T12:53:05.199834551Z	47	PC: 12b25 \| Get disk transfer address
2018-12-25T12:53:05.201367865Z	47	PC: 12b34 \| Get disk transfer address
2018-12-25T12:53:05.202291533Z	61	PC: 12b39 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:05.208641768Z	63	PC: 12b49 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:05.215438001Z	66	PC: 12b54 \| Move file pointer
2018-12-25T12:53:05.216595378Z	66	PC: 12b6b \| Move file pointer
2018-12-25T12:53:05.217652147Z	63	PC: 12b77 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:53:05.220500306Z	66	PC: 12ba8 \| Move file pointer
2018-12-25T12:53:05.221540693Z	64	PC: 12bb6 \| Write file or device (Write 3949 bytes on handle 5)
2018-12-25T12:53:05.242083358Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:53:05.243344604Z	64	PC: 12bcb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:05.249842999Z	62	PC: 12bcf \| Close file
2018-12-25T12:53:05.258378664Z	42	PC: 12bd3 \| Get date 0x12bd3: cmp dh, 0xc 0x12bd6: jne 0x12bf2 0x12bd8: cmp dl, 0x1f 0x12bdb: jne 0x12bf2 0x12bdd: mov si, 0x192 0x12be0: add si, bp 0x12be2: mov ax, 0xb800 0x12be5: mov es, ax 0x12be7: xor di, di 0x12be9: mov cx, 0x690 0x12bec: rep movsd dword ptr es:[di], dword ptr [si] 0x12bee: mov ah, 1 0x12bf0: int 0x21 0x12bf2: mov ah, 0x3b 0x12bf4: mov dx, 0xf4b 0x12bf7: add dx, bp 0x12bf9: int 0x21 0x12bfb: mov ah, 0x3b 0x12bfd: mov dx, word ptr [bp + 0xeb2] 0x12c01: int 0x21
2018-12-25T12:53:05.261308725Z	1	PC: 12bf2 \| Character input